Glossary of Terms

Adaptive Chosen Message Attack
In an adaptive chosen message attack, the attacker makes a query and then adaptively chooses its next query based on the the answer to the previous query. An Interrogative Adversary can mount such an attack by repeatedly asking a Web server to mint or verify authenticators.
This is a cryptographic property. A system that provides authentication ensures that a person sending or receiving data is, in fact, who they claim to be. Not to be confused with confidentiality.
A symbol or group of symbols, or a series of bits, selected or determined in a prearranged manner and usually inserted at a prearranged point in a message or transmission in order to determine the validity of the message or transmission or the identity or eligibility of an individual or entity. Cookies are often used as authenticators in client authentication schemes on the web.
Active Adversary
This adversary can see and modify all traffic between the user and the server and mount man-in-the-middle attacks. In the real world, this situation might arise if the adversary controls a proxy service between the user and the server. This is an extremely strong adversary who is very difficult to defend against.
This property is not strictly related to authentication but it is worth defining since it can be provided by cryptography and since it is often confused with authentication. A system that provides confidentiality protects traffic from disclosure by anyone except the sender and the recipient. In contrast, a system that provides authentication ensures that the person sending or receiving the data is indeed who they claim to be. This confusion is increased by SSL which provides options for both confidentiality and authentication. In addition, browsers have the current practice of displaying a single padlock for "security" whose meaning is ambiguous.
A piece of state information, more specifically a key/value pair, which can be stored on a client machine. The cookie is returned in subsequent requests by the server. Cookies are further described in the Netscape Cookie Specification.
UNIX crypt
This is the password encryption function on UNIX systems. It is based on the Data Encryption Standard algorithm with some variations. Crypt has some quirks, such as the fact that it only operates on the first eight characters of input which make it a poor choice for generalized encryption or message authentication codes.
Eavesdropping Adversary
This adversary can see all traffic between users and the server, but cannot modify any packets flowing across the network. That is, the adversary can sniff the network and replay authenticators. This adversary also has all the abilities of the Interrogative Adversary.
Ephemeral Cookie
A cookie, also called a temporary cookie which is only stored in the browser's memory and disappears when the user exits the browser.
Existential Forgery
The adversary can forge an authenticator for at least one user. However, the adversary cannot choose the user. This may be most interesting in the case where authenticators protect access to a subscription service. While an existential forgery would not give an adversary access to a chosen user's account, it would allow the adversary to access content without paying for it. This is the least harmful kind of forgery.
HTTP Basic Authentication
This is one of the authentication mechanisms mentioned in the HTTP specification. Basic Authentication requires the client to send a username and password in the clear as part of the HTTP request. This pair is typically present preemptively in all HTTP requests for content in subdirectories of the original request. Basic authentication is vulnerable to an Eavesdropping Adversary It also does not provide guaranteed expiration (or logout), and repeatedly exposes a user's long term authenticator.
HTTP Digest Authentication
This is newer form of HTTP authentication which is based on the same concept as basic authentication. However, this system does not transmit cleartext passwords. The client sends a cryptographic hash (usually MD5) of the username, password, a server-provided nonce, the HTTP method and the URL. The security of this protocol is discussed extensively in RFC 2617. Digest authentication enjoys very little client support, even though it is supported by the popular Apache Web Server.
Interrogative Adversary
An adversary with no special access to the network (in comparison to the eavesdropping and active adversary). This adversary, who in most cases is potentially any user, can adaptively query a web server a reasonable number of times in order to gain information about the site.
Passive Adversary
see Eavesdropping Adversary
Persistent Cookie
This is a cookie which is written to a file on the user's system. Persistent cookies files are often accessible over the Internet through certain queries to search engines. If such a cookie contains an authenticator, an adversary can simply copy the cookie and break into the user's account. In addition, if the account is accessed from a public system, any subsequent user of that system can access the account. As a result, persistent cookies should not be considered private and authenticators should not be stored in them.
Short for Public Key Infrastructure, a system of digital certificates, Certificate Authorities, and other registration authorities which verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread. From webopedia. The lack of a globally accepted PKI is one the reasons the use of SSL Client Authentication is not widespread. IETF work on PKI is described here and there is also lots of information here.
Selective Forgery
The adversary can forge an authenticator for a particular user. This adversary can access any chosen user's personalized content, be it Web e-mail or bank statements.
The Secure Sockets Layer (SSL) protocol is a strong authentication system which provides confidentiality, integrity, and optionally authentication at the transport level. It is standardized as the Transport Layer Security(TLS) protocol. HTTP runs on top of SSL, which provides all the cryptographic strength. SSL achieves authentication via public-key cryptography in X.509 certificates and requires a public key infrastructure (PKI). This requirement is the main difficulty in using SSL for authentication -- currently there is no global PKI, nor is there likely to be one anytime soon. In addition, SSL decreases Web server performance and often provides more functionality than most applications need.
Temporary Cookie
See Ephemeral Cookie.
Total Break
This results in the recovery, by the adversary, of the secret key used to mint authenticators. This is the most serious break in that it allows the adversary to construct valid authenticators at any time for all users.

[Home]   [Publications]   [Cookie encyclopedia]   [Mailing list]   [FAQ]   [Contact us]

[Blue Ribbon Campaign icon]
Join the Blue Ribbon Online Free Speech Campaign!